Pierangelo Masarati writes: >Peter Mogensen wrote: >> PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX >> root maps to cn=config via ldapi:///,
...plus authz-regexp, I assume > remote access uses x509 certificates. > > Add an ACL (either global, if there aren't any in that database, or > local) that allows the identity you trust to write to that database. Or (temporarily?) change rootdn for the HDB database to cn=config, so root won't need a password for that rootdn over ldapi://. Or use authz-regexp to map your SASL/EXTERNAL identity to the database's rootdn instead of to cn=config. -- Hallvard
